|Developer(s)||The OpenXPKI Foundation|
|Operating system||Unix-like operating systems|
|Type||Public key infrastructure|
|License||Apache License V 2.0|
Multiple CA instances
OpenXPKI supports the configuration of multiple independent logical PKIs (aka "PKI Realms") in one single application instance. This allows for configuration e. g. of a Root CA and one or more subordinate CAs within one single installation.
Fully automatic CA rollover
Within a logical PKI (PKI Realm) OpenXPKI provides the possibility to configure multiple Issuing CAs with overlapping validity. Once a new Issuing CA becomes valid it automatically takes over for issuing new certificates. This feature allows for a fully automatic CA rollover where administrators do not have to take down and reconfigure the whole PKI installation once a CA certificate is about to expire.
OpenXPKI utilizes a workflow engine that allows to modify and extend the basic operation of the PKI (e. g. certificate request and approval). Customizing the behaviour of the system is often accomplished by modifying the workflow description in XML format.
In addition the workflow engine makes it possible to extend the system with customized workflows. OpenXPKI includes some standard workflows e. g. for requesting X.509 Digital Certificates and issuing Certificate Revocation Lists that can easily be customized to model the actual PKI processes. By adding new workflow definitions it is possible to extend the PKI system.
Infrastructure key protection
Ticketing system integration
OpenXPKI provides built-in integration with the RT Request Tracker. It can automatically create and link tickets in the ticketing system for incoming certificate requests and thus allows Registration Officers to keep track of their workload.
OpenXPKI fully supports Internationalization and localization of its interfaces.
It is possible to extend the cryptographic backend for non-western cryptography. Support for Russian national algorithms (GOST) as an example of foreign cryptography is already included.